No — employees are not your weakest link.
I just read a remarkable study by Mel Slater, a virtual reality researcher at the University of Barcelona. When people were virtually embodied as Albert Einstein in VR, they performed better on cognitive testing than when embodied as a random person.
Think about what this means for employees’ performance on security-related tasks before you adopt the mantra “employees are the weakest link.”
Interestingly, the same authors published a similar study showing that when subjects were embodied in VR with a Black virtual body, it led to a sustained reduction in their implicit racial bias.
One takeaway for CISOs: instead of doing more “phishing simulation” for employees, we should be doing more “employee simulation” for security teams. ❤️